What to Watch Out For: Svchost.exe Removal due to "False Positive"

What happened?
On April 21, 2010, McAfee released a virus signature that incorrectly identified a core Windows operating system file called SVCHOST.EXE as a threat. When McAfee's products incorrectly detect SVCHOST.EXE as malware, the file may be deleted from the computer or quarantined. Without access to this critical operating system file, Windows fails to load properly, which can cause significant system instability. For example, Windows may shut down the computer, and when the user attempts to restart it, the machine may become completely inoperable.

What else should you watch out for?
Creators of rogue antivirus software have been exploiting this news by poisoning the search results for terms such as McAfee, 5958, and DAT, so that the results can lead to malicious sites running fake antivirus scans that install malware. In one example, a result takes you to a site with a fake online scanner, followed by an offer of fake antivirus software. This attack is particularly insidious because many of the people searching for information about the problem are most likely already affected by it and are looking for a solution using another computer, perhaps one borrowed from a friend or family member.

Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.

Don’t use "free" security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their "full" service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.

Turn off the "autorun" feature that will automatically run programs found on memory sticks and other USB devices.

Be smart with your passwords. This includes:

Change your passwords periodically.

Use complex passwords: no simple names or words, and include special characters and numbers.

Use a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.